| View previous topic :: View next topic |
| Author |
Message |
NuclearFusi0n
Apprentice
Joined: 20 Jun 2003
Posts: 297
|
 Posted: Tue Aug 12, 2003 10:03 am Post subject: How can I monitor ssh sessions on my box? |
 |
|
I'm running sshd and I want to watch a user or two in their sessions - how is this possible?
and do you recommend any configuration of sshd beyond the defaults?
_________________
I will keel yoo grub |
|
| Back to top |
|
 |
carbon
Guru
Joined: 27 Jun 2003
Posts: 455
Location: New York
|
| Posted: Tue Aug 12, 2003 1:16 pm Post subject: |
|
|
you mean watching them in real time and see what they are doing?
that is over my head, but one thing you can tell who is logged on, just type ps aux.
_________________
I do what I want, and that's what I do.
GNU World Domination
Carbon |
|
| Back to top |
|
|
sKewlBoy
Guru
Joined: 03 Nov 2002
Posts: 406
Location: Portugal
|
| Posted: Tue Aug 12, 2003 1:32 pm Post subject: |
|
|
To see who's logged on you use "who" or "w" or "finger" (if you have it running).
"ps aux" won't give you who's logged on, will show you who as processes running... if it's a bash, then it's logged on. So then you could use "ps aux | grep bash | cut -d " " -f 1 | sort | uniq" to get it in a complicated way  (replacing bash for any shell you might use).
I think monitoring ssh session is possible with tty sniffers, but I wouldnt go there.... besides, why would you monitor someone's session ? It should be private... And you can always cat their $HISTFILE, if they didnt unset it before logging out, but that wouldnt be realtime, nor very complete... |
|
| Back to top |
|
|
GentooBox
Veteran
Joined: 22 Jun 2003
Posts: 1168
Location: Denmark
|
| Posted: Tue Aug 12, 2003 3:55 pm Post subject: |
|
|
if you are root on the box.
then you could use ~/.bash_history to see what they type.
i think there is a script somewhere to monitor the bash_history live.
but i havent found it yet.
_________________
Encrypt, lock up everything and duct tape the rest |
|
| Back to top |
|
|
Safrax
Guru
Joined: 23 Apr 2002
Posts: 422
|
| Posted: Tue Aug 12, 2003 4:33 pm Post subject: |
|
|
| GentooBox wrote: | if you are root on the box.
then you could use ~/.bash_history to see what they type.
i think there is a script somewhere to monitor the bash_history live.
but i havent found it yet. |
tail -f ~/.bash_history? |
|
| Back to top |
|
|
GentooBox
Veteran
Joined: 22 Jun 2003
Posts: 1168
Location: Denmark
|
| Posted: Tue Aug 12, 2003 4:40 pm Post subject: |
|
|
| Code: |
cat /root/.bash_history
|
if you are logged in as root and want to se your own bash history.
| Code: |
cat /theusername/.bash_history
|
if you want to see theusername´s bash history.
you may also have a look at /var/log/sshd/current
_________________
Encrypt, lock up everything and duct tape the rest |
|
| Back to top |
|
|
sKewlBoy
Guru
Joined: 03 Nov 2002
Posts: 406
Location: Portugal
|
| Posted: Tue Aug 12, 2003 4:57 pm Post subject: |
|
|
.bash_history is only available if the users don't unset its env ($HISTFILE as I mentioned...).
I dont know why you want to spy on that user, but if you think he's doing something he should not, he probably won't do something stupid as leaving .bash_history ... I wouldn't  |
|
| Back to top |
|
|
NuclearFusi0n
Apprentice
Joined: 20 Jun 2003
Posts: 297
|
| Posted: Thu Oct 23, 2003 4:36 am Post subject: |
|
|
boomp.
_________________
I will keel yoo grub |
|
| Back to top |
|
|
dma
Guru
Joined: 31 Jan 2003
Posts: 437
Location: Charlotte, NC, USA
|
|
| Back to top |
|
|
ed0n
l33t
Joined: 23 Apr 2003
Posts: 638
Location: Prishtine/Kosove
|
| Posted: Tue Oct 28, 2003 9:09 am Post subject: Re: How can I monitor ssh sessions on my box? |
|
|
| NuclearFusi0n wrote: | I'm running sshd and I want to watch a user or two in their sessions - how is this possible?
and do you recommend any configuration of sshd beyond the defaults? |
who , if you want to kill a connection ps aux (man ps)  |
|
| Back to top |
|
|
amne
Bodhisattva
Joined: 17 Nov 2002
Posts: 6378
Location: Graz / EU
|
| Posted: Tue Oct 28, 2003 9:14 am Post subject: |
|
|
man sshd_config
| Quote: | LogLevel
Gives the verbosity level that is used when logging messages from
sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VER-
BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO.
DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
higher levels of debugging output. Logging with a DEBUG level
violates the privacy of users and is not recommended.
|
note: this isn't specific for one user but all.
if i remember correctly, one of the debug levels was called "fascist logging" in on of the earlier versions of sshd 
respect the privacy of your users, if you don't trust them, don't give them an account (assuming you are in the position to decide this). |
|
| Back to top |
|
|
viperlin
Veteran
Joined: 15 Apr 2003
Posts: 1319
Location: UK
|
| Posted: Sat Apr 10, 2004 11:52 pm Post subject: |
|
|
| In Mandrake .bash_history is live (well to my memory it was) |
|
| Back to top |
|
|
Acidic
n00b
Joined: 07 Apr 2004
Posts: 12
Location: Ontario, Canada
|
| Posted: Thu Apr 15, 2004 10:38 am Post subject: |
|
|
| Quote: |
an sshd_config
Quote:
LogLevel
Gives the verbosity level that is used when logging messages from
sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VER-
BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO.
DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
higher levels of debugging output. Logging with a DEBUG level
violates the privacy of users and is not recommended.
note: this isn't specific for one user but all.
if i remember correctly, one of the debug levels was called "fascist logging" in on of the earlier versions of sshd
respect the privacy of your users, if you don't trust them, don't give them an account (assuming you are in the position to decide this).
|
Um just wondering... Where is this logging stored?
I tried .bash_history and that gave me an new empty file.
Do i need to specify where the loglevel output goes?
_________________
I can take your thoughts away
And ill ignite your fear today
I can take you far away...
With my mind |
|
| Back to top |
|
|
viperlin
Veteran
Joined: 15 Apr 2003
Posts: 1319
Location: UK
|
| Posted: Thu Apr 15, 2004 4:48 pm Post subject: |
|
|
| goes to /var/log/messages here, syslog-ng |
|
| Back to top |
|
|
|
Other Things Gentoo
